
deny from htaccess not working?

ElricM

Guest
I have someone who is direct linking to my files in a particular directory. I tried to experiment with using .htaccess to deny, but it's not working.

I have the following:

order allow,deny
deny from badguy.com
allow from all

I also tried reversing the order

order deny,allow
deny from badguy.com
allow from all

but when I go to his site, I can still download my files. What am I doing wrong? I have the .htaccess file in the directory I want to forbid and at the webroot. This is in a subdomain (e.g., subdomain.mydomain.net).

Thanks

Edit: I also created a vhost.conf file for the subdomain and put these lines in it:

<Directory "/home/httpd/vhosts/<Mydomain>.net/subdomains/<SubdomainName>/httpdocs/*">
order allow,deny
deny from badguy.com
allow from all
</Directory>

Ran websrvmng, restarted Apache and verified the directives were in the list (using Webmin to view them). It still doesn't work, i.e., I can still download the files from his site.
 
Anyone? I have AllowOverride All enabled for the directory container. I also put "deny from all" in the .htaccess file as a test and got rejected so I know .htaccess is being read.

Seems if I have

deny from badguy.com
allow from all

the "allow from all" overrides the deny; similarly, if I have

deny from all
allow from <me>

the "deny from all" takes precedence. This seems to be the case no matter what the order directive is (e.g., "order deny,allow" or "order allow,deny").
 
It is possible that when the double reverse DNS lookup is done, and then the forward lookup to verify it (per Apache's docs), the result does not match, in which case the directive is not applied.

Have you tried verifying all IPs owned by badguy.com and blocking the IP range?

Personally, I'd block his IPs at the firewall level....
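
How Apache 2.2 evaluates the Order, Allow and Deny directives tried in this thread, as an added example (not code from the thread or from Apache): a simplified Python model that follows the mod_authz_host documentation and handles only `all`, full IP addresses and domain names. The client addresses and host names are constructed; the model shows that `deny from badguy.com` is tested against the connecting client's own host name, so a visitor who follows a link on that site is not matched by it.

```python
import ipaddress

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def spec_matches(spec, client_ip, client_host):
    """True if one 'allow from' / 'deny from' argument matches the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if _is_ip(spec):
        return ipaddress.ip_address(spec) == ipaddress.ip_address(client_ip)
    # A domain name is compared, on whole-label boundaries, with the
    # connecting client's verified reverse-DNS name. The Referer header
    # is not consulted.
    host = (client_host or "").lower()
    return host == spec or host.endswith("." + spec)

def access_allowed(order, allow, deny, client_ip, client_host=None):
    """Apply the rules from the Apache 2.2 documentation for Order."""
    allowed = any(spec_matches(s, client_ip, client_host) for s in allow)
    denied = any(spec_matches(s, client_ip, client_host) for s in deny)
    if order == "allow,deny":    # deny evaluated last, default is deny
        return allowed and not denied
    if order == "deny,allow":    # allow evaluated last, default is allow
        return allowed or not denied
    raise ValueError("unknown Order value: " + order)

# Constructed clients: documentation IP ranges, hypothetical host names.
VISITOR = ("198.51.100.7", "dsl-7.isp.example")   # clicked a link on badguy.com
LINKING_HOST = ("203.0.113.10", "www.badguy.com") # the linking site's server
ME = ("192.0.2.5", None)                          # no reverse DNS record

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        for name, client in (("visitor", VISITOR), ("badguy host", LINKING_HOST)):
            ok = access_allowed(order, ["all"], ["badguy.com"], *client)
            print(f"order {order:10} deny badguy.com, allow all: {name:11} ->",
                  "allowed" if ok else "denied")
        ok = access_allowed(order, ["192.0.2.5"], ["all"], *ME)
        print(f"order {order:10} deny all, allow 192.0.2.5: me          ->",
              "allowed" if ok else "denied")
```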
 